* @return string representing 'pub'
*/
char *
-GNUNET_CRYPTO_rsa_public_key_to_string (struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded *pub)
+GNUNET_CRYPTO_rsa_public_key_to_string (const struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded *pub)
{
char *pubkeybuf;
size_t keylen = (sizeof (struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded)) * 8;
* Encode the private key in a format suitable for
* storing it into a file.
*
- * @returns encoding of the private key.
+ * @return encoding of the private key.
* The first 4 bytes give the size of the array, as usual.
*/
struct GNUNET_CRYPTO_RsaPrivateKeyBinaryEncoded *
*
* @param buf the buffer where the private key data is stored
* @param len the length of the data in 'buffer'
+ * @return NULL on error
*/
struct GNUNET_CRYPTO_RsaPrivateKey *
GNUNET_CRYPTO_rsa_decode_key (const char *buf, uint16_t len)
gcry_mpi_t u;
int rc;
size_t size;
- int pos;
+ size_t pos;
uint16_t enc_len;
+ size_t erroff;
enc_len = ntohs (encoding->len);
if (len != enc_len)
if ((NULL != p) && (NULL != q) && (NULL != u))
{
- rc = gcry_sexp_build (&res, &size, /* erroff */
+ rc = gcry_sexp_build (&res, &erroff,
"(private-key(rsa(n %m)(e %m)(d %m)(p %m)(q %m)(u %m)))",
n, e, d, p, q, u);
}
{
if ((NULL != p) && (NULL != q))
{
- rc = gcry_sexp_build (&res, &size, /* erroff */
+ rc = gcry_sexp_build (&res, &erroff,
"(private-key(rsa(n %m)(e %m)(d %m)(p %m)(q %m)))",
n, e, d, p, q);
}
else
{
- rc = gcry_sexp_build (&res, &size, /* erroff */
+ rc = gcry_sexp_build (&res, &erroff,
"(private-key(rsa(n %m)(e %m)(d %m)))", n, e, d);
}
}
if (0 != rc)
LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_sexp_build", rc);
#if EXTRA_CHECKS
- if (gcry_pk_testkey (res))
+ if (0 != (rc = gcry_pk_testkey (res)))
{
LOG_GCRY (GNUNET_ERROR_TYPE_ERROR, "gcry_pk_testkey", rc);
return NULL;
if (fs > UINT16_MAX)
{
LOG (GNUNET_ERROR_TYPE_ERROR,
- _("File `%s' does not contain a valid private key (too long, %llu bytes). Deleting it.\n"),
+ _("File `%s' does not contain a valid private key (too long, %llu bytes). Renaming it.\n"),
filename,
(unsigned long long) fs);
GNUNET_break (GNUNET_OK == GNUNET_DISK_file_close (fd));
- if (0 != UNLINK (filename))
- LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING, "unlink", filename);
+ GNUNET_DISK_file_backup (filename);
return NULL;
}
filename,
(unsigned long long) fs);
GNUNET_break (GNUNET_OK == GNUNET_DISK_file_close (fd));
- if (0 != UNLINK (filename))
- LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING, "unlink", filename);
+ GNUNET_DISK_file_backup (filename);
GNUNET_free (enc);
return NULL;
}
GNUNET_assert (GNUNET_YES == GNUNET_DISK_file_close (fd));
GNUNET_CRYPTO_rsa_key_get_public (ret, &pub);
GNUNET_CRYPTO_hash (&pub, sizeof (pub), &pid.hashPubKey);
- LOG (GNUNET_ERROR_TYPE_INFO,
- _("I am host `%s'. Stored new private key in `%s'.\n"),
- GNUNET_i2s (&pid), filename);
return ret;
}
/* hostkey file exists already, read it! */
STRERROR (ec));
LOG (GNUNET_ERROR_TYPE_ERROR,
_
- ("This may be ok if someone is currently generating a hostkey.\n"));
+ ("This may be ok if someone is currently generating a private key.\n"));
}
short_wait ();
continue;
fs = 0;
if (fs < sizeof (struct GNUNET_CRYPTO_RsaPrivateKeyBinaryEncoded))
{
- /* maybe we got the read lock before the hostkey generating
+ /* maybe we got the read lock before the key generating
* process had a chance to get the write lock; give it up! */
if (GNUNET_YES !=
GNUNET_DISK_file_unlock (fd, 0,
{
LOG (GNUNET_ERROR_TYPE_ERROR,
_
- ("When trying to read hostkey file `%s' I found %u bytes but I need at least %u.\n"),
+ ("When trying to read key file `%s' I found %u bytes but I need at least %u.\n"),
filename, (unsigned int) fs,
(unsigned int) sizeof (struct GNUNET_CRYPTO_RsaPrivateKeyBinaryEncoded));
LOG (GNUNET_ERROR_TYPE_ERROR,
_
- ("This may be ok if someone is currently generating a hostkey.\n"));
+ ("This may be ok if someone is currently generating a private key.\n"));
}
short_wait (); /* wait a bit longer! */
continue;
LOG (GNUNET_ERROR_TYPE_ERROR,
_("File `%s' does not contain a valid private key. Deleting it.\n"),
filename);
- if (0 != UNLINK (filename))
- {
- LOG_STRERROR_FILE (GNUNET_ERROR_TYPE_WARNING, "unlink", filename);
- }
+ GNUNET_DISK_file_backup (filename);
}
GNUNET_free (enc);
if (GNUNET_YES !=
{
GNUNET_CRYPTO_rsa_key_get_public (ret, &pub);
GNUNET_CRYPTO_hash (&pub, sizeof (pub), &pid.hashPubKey);
- LOG (GNUNET_ERROR_TYPE_INFO,
- _("I am host `%s'. Read private key from `%s'.\n"), GNUNET_i2s (&pid),
- filename);
}
return ret;
}
/**
- * Setup a hostkey file for a peer given the name of the
+ * Setup a key file for a peer given the name of the
* configuration file (!). This function is used so that
* at a later point code can be certain that reading a
- * hostkey is fast (for example in time-dependent testcases).
+ * key is fast (for example in time-dependent testcases).
*
* @param cfg_name name of the configuration file to use
*/
void
-GNUNET_CRYPTO_setup_hostkey (const char *cfg_name)
+GNUNET_CRYPTO_rsa_setup_hostkey (const char *cfg_name)
{
struct GNUNET_CONFIGURATION_Handle *cfg;
struct GNUNET_CRYPTO_RsaPrivateKey *pk;
/**
- * Decrypt a given block with the hostkey.
+ * Decrypt a given block with the key.
*
* @param key the key with which to decrypt this block
* @param block the data to decrypt, encoded as returned by encrypt
}
+/**
+ * Convert the data specified in the given purpose argument to an
+ * S-expression suitable for signature operations.
+ *
+ * @param purpose data to convert
+ * @return converted s-expression
+ */
+static gcry_sexp_t
+data_to_pkcs1 (const struct GNUNET_CRYPTO_RsaSignaturePurpose *purpose)
+{
+ struct GNUNET_HashCode hc;
+ size_t bufSize;
+ gcry_sexp_t data;
+
+ GNUNET_CRYPTO_hash (purpose, ntohl (purpose->size), &hc);
+#define FORMATSTRING "(4:data(5:flags5:pkcs1)(4:hash6:sha51264:0123456789012345678901234567890123456789012345678901234567890123))"
+ bufSize = strlen (FORMATSTRING) + 1;
+ {
+ char buff[bufSize];
+
+ memcpy (buff, FORMATSTRING, bufSize);
+ memcpy (&buff
+ [bufSize -
+ strlen
+ ("0123456789012345678901234567890123456789012345678901234567890123))")
+ - 1], &hc, sizeof (struct GNUNET_HashCode));
+ GNUNET_assert (0 == gcry_sexp_new (&data, buff, bufSize, 0));
+ }
+#undef FORMATSTRING
+ return data;
+}
+
+
/**
* Sign a given block.
*
gcry_sexp_t data;
size_t ssize;
gcry_mpi_t rval;
- struct GNUNET_HashCode hc;
- char *buff;
- int bufSize;
- GNUNET_CRYPTO_hash (purpose, ntohl (purpose->size), &hc);
-#define FORMATSTRING "(4:data(5:flags5:pkcs1)(4:hash6:sha51264:0123456789012345678901234567890123456789012345678901234567890123))"
- bufSize = strlen (FORMATSTRING) + 1;
- buff = GNUNET_malloc (bufSize);
- memcpy (buff, FORMATSTRING, bufSize);
- memcpy (&buff
- [bufSize -
- strlen
- ("0123456789012345678901234567890123456789012345678901234567890123))")
- - 1], &hc, sizeof (struct GNUNET_HashCode));
- GNUNET_assert (0 == gcry_sexp_new (&data, buff, bufSize, 0));
- GNUNET_free (buff);
+ data = data_to_pkcs1 (purpose);
GNUNET_assert (0 == gcry_pk_sign (&result, data, key->sexp));
gcry_sexp_release (data);
GNUNET_assert (0 == key_from_sexp (&rval, result, "rsa", "s"));
size_t size;
gcry_mpi_t val;
gcry_sexp_t psexp;
- struct GNUNET_HashCode hc;
- char *buff;
- int bufSize;
size_t erroff;
int rc;
if (purpose != ntohl (validate->purpose))
return GNUNET_SYSERR; /* purpose mismatch */
- GNUNET_CRYPTO_hash (validate, ntohl (validate->size), &hc);
size = sizeof (struct GNUNET_CRYPTO_RsaSignature);
GNUNET_assert (0 ==
gcry_mpi_scan (&val, GCRYMPI_FMT_USG,
gcry_sexp_build (&sigdata, &erroff, "(sig-val(rsa(s %m)))",
val));
gcry_mpi_release (val);
- bufSize = strlen (FORMATSTRING) + 1;
- buff = GNUNET_malloc (bufSize);
- memcpy (buff, FORMATSTRING, bufSize);
- memcpy (&buff
- [strlen (FORMATSTRING) -
- strlen
- ("0123456789012345678901234567890123456789012345678901234567890123))")],
- &hc, sizeof (struct GNUNET_HashCode));
- GNUNET_assert (0 == gcry_sexp_new (&data, buff, bufSize, 0));
- GNUNET_free (buff);
+ data = data_to_pkcs1 (validate);
if (! (psexp = decode_public_key (publicKey)))
{
gcry_sexp_release (data);